What Personal Information Do We Collect?
We collect certain personal information about visitors and users of our platforms. The most common types of information we collect include things like: first and last name, email addresses, university/college details, professional contact details, physical address, IP addresses, survey responses, blogs, photos, payment information, transactional details, tax information, and web analytics data. We will also collect personal information from job and program applications (such as your resume/CV, the application answers itself, cover letter and interview notes).
How Does CCC Collect Personal Information?
We collect personal information directly when you provide it to us, whether online or in person, or automatically as you navigate through our platforms. This includes when you provide it to us by completing event registration, applying for one of our programs, submitted a donation, subscribing to a newsletter, submitting feedback, entering a contest, filling out a survey, attending an in person event, or sending us a communication.
What Personal Information Do We Get About You From Others?
Although we generally collect personal information directly from you, we also get certain information about you from other sources. That information can include:
- financial and/or transaction details to process a transaction
- third party service providers (like Google, Facebook) may provide information about you when you link, connect, or login to your account with the third party provider. The information varies and is controlled by that service provider as authorized by you via your privacy settings at that service provider
- other third party sources and/or partners, where, as allowed by law, we receive additional information about you such as demographic data.
How Do We Use Personal Information?
We will use your personal information:
- To fulfil a contractual obligation, or take necessary steps related to our contractual agreement. Most notably, when facilitating and processing transactions, such as when you purchase a ticket to our event or submit a donation.
- Where it is necessary for purposes which are in our, or third parties, legitimate interests. These interests can include:
- operating our platforms
- providing you with services described on the platforms
- verifying your identity when you sign in to any of our platforms
- responding to support tickets and helping facilitate the resolution of any disputes
- updating you with operational news and information about our platforms and services (e.g. to notify you about changes to our platforms, website disruptions or security updates)
- carrying out technical analysis to determine how to improve our platforms and services we provide
- managing our relationship with you
- managing our legal and operational affairs
- training CCC staff about how to best serve our user community
- improving our products and services
- providing general administrative and performance functions and activities
- processing your job and program application
- reporting on our activities
- complying with financial and operations audits
- When you give us consent, we will:
- provide you with information about our programs and events, organizational updates, partner organization opportunities, sponsorship and donation opportunities, and other products and services which we feel may interest you.
- For purposes which are required by law.
When Do We Share Your Personal Information?
We will disclose personal information to the following recipients:
- CCC employees and contractors who are located around the world.
- subcontractors and service providers who we contract with (e.g. website hosting providers, recruitment agencies, marketing and analytics services; security and fraud prevention services, subscription management services, payment processing services, and identification verification services.
- with select allied partner organizations, on a case by case basis. This allows your name to be under consideration for various opportunities including internships, employment, mailings and events.
- our professional advisers (e.g. lawyers, accountants, financial advisers, etc.)
- regulators and government authorities in connection with our compliance procedures and obligations.
- a third party, to enforce or defend our rights, or to address financial or reputational risks.
Where Do We Transfer and/or Store Your Personal Information?
We are based in the United States and data is processed in the United States. Some of the recipients we have described above, and to whom we disclose your personal information, included staff and contractors, are based inside and outside the United States. To protect your information, we take care where possible to work with contractors and service providers who we believe maintain an acceptable standard of data security compliance.
How Do We Keep Your Personal Information Secure?
We store personal information on secure servers that are managed by Salesforce or Google, or, in some limited cases, ourselves. We do not make hard copies of any files, and if we do, they are protected using industry standard encryption and are only used for backup purposes. Personal information that is transmitted is protected by security and access controls, including username and password authentication, two-factor authentication, and data encryption where appropriate.
How Can You Access Your Personal Information?
You have the right to:
- make a request to access the personal information we hold about you and to request corrections of any errors in that data
- close the account you have with us at any time
- ask us to port your personal information (i.e. to transfer in a structured, commonly used and machine-readable format, to you), to erase it, or restrict its processing.
- object to some processing that is based on our legitimate interests, such as profiling that we perform for the purposes of direct marketing, and, where we have asked for your consent to process your data, to withdraw this consent.
These rights are limited in some situations – for example, we can demonstrate that we have a legal requirement to process your personal information. In some instances, this means that we may retain some data even if you withdraw your consent. Where we require your personal information to comply with legal or contractual obligations, then provision of such data is mandatory: if such data is not provided, then we will not be able to manage our contractual relationship with you, or to meet obligations placed on us. To make an access or correction request, contact us at firstname.lastname@example.org.
How Do You Control How We Communicate With You?
When we have your consent, we send you marketing communications by email about products and services that we feel may be of interest to you. You can ‘opt-out’ of such communications if you would prefer not to receive them in the future by using the “unsubscribe” link provided in the communication itself. We never knowingly send our marketing material to individuals who have not personally signed up to receive them. If you do receive marketing emails from us without having signed up, please contact us. You also have choices about cookies, as described below. By modifying your browser preferences, you have the choice to accept all cookies, to be notified when a cookie is set, or to reject all cookies. If you choose to reject cookies some parts of our platforms may not work properly in your case.
More Information About Cookies and Web Analytics
When you visit our platforms, there is certain information that is recorded which is generally anonymous information and does not reveal your identity. If you are logged into your account (e.g. on SFLAcademy.org), some of this information could be associated with your account. The following kinds of details are what tend to be collected:
- your IP address or proxy server IP address
- the domain name you requested
- the name of your internet service provider is sometimes captured depending on the configuration of your ISP connection
- the date and time of your visit to the website
- the length of your session
- the pages which you have accessed
- the number of times you access our site within any month
- the file URL you look at and information relating to it
- the website which referred you to our platform
- the operating system which your computer uses
Occasionally, we will use third-party advertising companies to serve ads based on prior visits to our various platforms (i.e. our website, Facebook, etc.). For example, if you visit our platforms, you may later see an ad for our products and services when you visit a different site or use the Google Search Engine.
Information About Children
Our platforms are not suitable for children under 18 years of age. If you are under 18, we ask that you do not use our platforms or give us your personal information. It is the responsibility of parents or guardians to monitor their children’s use of our platforms.
How Long Do We Keep Your Personal Information?
We will need to change this policy from time to time to make sure it stays up to date with the latest legal requirements and any changes to our privacy management practices. When we do change the policy, we will make sure to notify you about such changes, where required. A copy of the latest version of this policy will always be available on this page.
How Can You Contact Us?